Android is a pretty secure system by design. The biggest security risk to Android is Android users. A user is also the most effective security protection. IMHO antivirus is kinda worthless. Instead of antivirus apps install Common Sense. Use it at all times. That is the most effective protection.

1. Use a password or pattern lock to keep people out.

2. Be very careful where you get software. Use only very trustworthy sources, basically the Play store and Amazon.

3. In Settings > Security > Device administration leave Unknown sources disabled. If you must enable it to do an install don't forget to disable it when done.

4. Do not root the phone unless you have you have the knowledge and willingness to do the firewalling and work necessary to secure a rooted device. Rooting breaks basic Android security features such as user permissions and sandboxed apps.

5. Pay close attention to permissions requested by apps during installation.

6. Use 2-step authentication. But I admit, I don't do this because I find it to be a PITA.

Follow these simple steps and you will have no problems. You might consider encrypting the device but there are pros and cons to that.